Highgate Hotels Data Breach Exposes Social Security Numbers

Real estate investment and hospitality management giant, Highgate Hotels, L.P., recently experienced a significant data breach that exposed a wide range of sensitive consumer information. The breach was discovered on September 13, 2024, but the actual unauthorized access occurred over two days, March 25 and March 26, 2024.

The breach affected individuals across the United States, including 1,474 individuals in Texas and 10 individuals in Maine.

The breach was reported to the California Attorney General's office on December 10, 2024, the Maine Attorney General's office on December 10, 2024, and the Texas Attorney General's office on December 9, 2024.

The compromised information includes highly sensitive data, which could lead to serious risks of identity theft and financial fraud.

The types of consumer information exposed in this breach include:

• Names
• Addresses
• Social Security numbers
• Tax identification numbers
• Driver’s license numbers
• State identification card numbers
• Passport numbers
• Other government-issued identification numbers
• Financial account information
• Payment card information
• Medical information
• Health insurance information

The severity of this breach is compounded by the breadth of information exposed, as it includes both personal identification and financial details. This type of information could be exploited for identity theft, fraudulent transactions, and other malicious activities.

Highgate Hotels' response

Highgate Hotels, L.P. has taken steps to address the breach and notify affected individuals. Consumers were informed of the incident via written notice sent through U.S. Mail on December 6, 2024. The company also reported the breach to relevant state authorities, including the Attorneys General of California, Maine, and Texas, as required by law.

Steps to take if you are affected by the data breach

If you believe you may have been affected by this data breach, it is crucial to act quickly to protect yourself. Given the sensitive nature of the information exposed, here are some steps you should take:

1. Monitor your financial accounts closely: Regularly review your bank statements, credit card activity, and other financial accounts for unauthorized transactions. Report any suspicious activity to your bank or financial institution immediately.
2. Place a fraud alert on your credit file: Contact one of the three major credit reporting agencies—Equifax, Experian, or TransUnion—to place a fraud alert on your credit file. This will make it harder for identity thieves to open accounts in your name.
3. Consider freezing your credit: A credit freeze prevents lenders from accessing your credit report, making it more difficult for fraudsters to open accounts in your name. You can unfreeze your credit temporarily if you need to apply for credit.
4. Obtain free credit reports: Visit AnnualCreditReport.com to request free copies of your credit report from each of the three major credit bureaus. Review them carefully for any inaccuracies or unauthorized accounts.
5. Be cautious of phishing attempts: Scammers may attempt to exploit this breach by sending fake emails or messages pretending to be from Highgate Hotels or other trusted entities. Avoid clicking on links or downloading attachments from unknown sources.
6. Enroll in identity theft protection services: If offered by Highgate Hotels, consider taking advantage of any free credit monitoring or identity theft protection services they provide. These services can help detect and address potential misuse of your information.
7. Report identity theft: If you suspect your information has been misused, file a report with the Federal Trade Commission (FTC) at IdentityTheft.gov and consider filing a police report.
8. Secure your online accounts: Change passwords for any accounts that may have been compromised, and enable two-factor authentication wherever possible for an added layer of security.

By taking these proactive steps, you can reduce the risk of identity theft and better protect your personal and financial information.

For more details, you can view the official disclosure on the Maine Attorney General's website, the Texas Attorney General's website, and the California Attorney General's website.